[Bug 2084104] Re: UEFI GRUB2 enforces NX even with a non-NX shim
Mate Kukri
2084104 at bugs.launchpad.net
Thu Oct 10 15:02:36 UTC 2024
I've also found a machine I own that reproduces this... Looking into the
root cause currently
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/2084104
Title:
UEFI GRUB2 enforces NX even with a non-NX shim
Status in grub2 package in Ubuntu:
In Progress
Bug description:
Please also see final comments on
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2078307, this
whole thing stareted there.
There are two known affected machines currently, one is confirmed to
correctly be running the non-NX shim and 2.12-5ubuntu5 GRUB.
Despite this, the GRUB on these machines decides to always enforce NX,
likely because the MokPolicy variable is not being exported exactly as
GRUB expects.
This happens with both Secure Boot enabled and disabled.
I have a suspicion that some of the attribute checks in this function
are not behaving as expected on these firmwares:
https://git.launchpad.net/~ubuntu-uefi-
team/grub/+git/ubuntu/tree/debian/patches/nx/efi-Disallow-fallback-to-
legacy-Linux-loader-when-shim-sa.patch#n22
The only obvious impact right now is Windows chainloading from GRUB on
specific affected machines.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2084104/+subscriptions
More information about the foundations-bugs
mailing list